Implementing Custom Authentication with Tomcat

Question

Hey all, I'm using Tomcat 6.0.14 and would like to know how to implement a system that would allow us to send users a link, say mysite.com?token=12345678912334333 (long string continued), but that would allow the user to be logged in automatically.

Recommended answer

Unless you have other reasons specific to Tomcat, or you are unable to modify your web application, then it might be easiest to use a custom filter to do the authentication (JAAS or otherwise). For example:

  • http://www.kopz.org/public/documents/tomcat/jaasintomcat.html
  • http://securityfilter.sourceforge.net/

With a custom filter, you could authenticate in whatever way you wanted to in a relatively straightforward way.

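import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

// Method of a class that implements javax.servlet.Filter
public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
  throws IOException, ServletException {

    // Authenticate only when the request carries a token parameter
    String token = request.getParameter("token");
    if (token != null) {
      doAuthentication(token);
    }

    // Hand the request and response on to the rest of the chain
    chain.doFilter(request, response);
}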

You tagged with JAAS. That's different than just authenticating with a simple token, but if that's what you are looking for, are you familiar with Tomcat's JAASRealm? You would just have to write your own LoginModule to authenticate the token.

  • http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JAASRealm

It probably goes without saying that using token based login via E-mail is inherently insecure, and so is not appropriate for all types of applications.
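
An added example, not part of the original answer: one way the `doAuthentication(token)` step could check an e-mailed token so that it is unguessable, short-lived and usable only once. The class name `LoginTokenStore`, the 15-minute lifetime and the sample user are assumptions, and the code needs Java 16 or later for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
// Hypothetical helper, not a Tomcat API: issues and redeems single-use login tokens.
public class LoginTokenStore {
    private record Entry(String user, Instant expires) {}
    private final SecureRandom rng = new SecureRandom();
    private final ConcurrentHashMap<String, Entry> byHash = new ConcurrentHashMap<>();
    private final Duration ttl;

    public LoginTokenStore(Duration ttl) { this.ttl = ttl; }

    // Only the SHA-256 of a token is stored, so a leaked store does not yield usable links.
    private static String sha256(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every JRE
        }
    }

    // Value for the e-mailed link: 256 bits from a CSPRNG, URL-safe encoded.
    public String issue(String user) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byHash.put(sha256(token), new Entry(user, Instant.now().plus(ttl)));
        return token;
    }

    // Returns the user name, or null if the token is unknown, expired or already used.
    public String redeem(String token) {
        if (token == null || token.length() > 64) return null; // bound input before hashing
        Entry e = byHash.remove(sha256(token)); // atomic remove: a token works once
        if (e == null || Instant.now().isAfter(e.expires())) return null;
        return e.user();
    }
    public static void main(String[] args) {
        LoginTokenStore store = new LoginTokenStore(Duration.ofMinutes(15)); // assumed TTL
        String t = store.issue("alice"); // constructed sample user
        System.out.println(store.redeem(t) + " then " + store.redeem(t)); // second call is a replay
    }
}
```

Because the token travels in a URL, it can end up in access logs and browser history, which is why the store expires it and removes it on first use.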
